Petterati Privacy policy

Petterati  operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Petterati is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information. 

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy. 

Personal Information We Collect or Process When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law: 

  • Contact details including your name, address, billing address, shipping address, phone number, and email address. 

  • Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details. 

  • Account information including your username, password, security questions, preferences and settings. 

  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions. 

  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry. 

  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers. 

  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services. 

Personal Information Sources We may collect personal information from the following sources: 

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information; 

  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies; 

  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf; 

  • From our partners or other third parties. 

How We Use Your Personal Information Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes: 

  • Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services. 

  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services. 

  • Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else. 

  • Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you. 

  • Legal Reasons. We use your personal data to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies. This processing is carried out under Section 7(c) of the DPDPA (Deemed Consent) and does not require your active consent. Please note that, in accordance with s.7(c) + Section 29 of the DPDPA, we are legally prohibited from notifying you if a government authority requests access to your personal data. Any transparency commitments set out elsewhere in this Privacy Policy are subject to this statutory restriction. 

How We Disclose Personal Information In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include: 

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping). 

  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. 

  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations. 

  • With our affiliates or otherwise within our corporate group. 

  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others. 

Cross-Brand Data Sharing within CavinKare Petterati is part of the CavinKare group of companies. In order to provide you with a consistent and personalised experience across our portfolio of brands and products, we may share your personal information with other CavinKare group entities and brands for purposes such as customer relationship management (CRM), customer data platform (CDP) operations, unified customer profiling, cross-brand marketing and promotional communications, product recommendations, and analytics and business intelligence. Such sharing is governed by internal data sharing agreements and is limited to what is necessary for the stated purposes. Each CavinKare brand entity that receives your personal information is required to handle it in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA).We will obtain your separate, specific, and unconditional consent, in compliance with Section 6 of the DPDPA, before using your personal data for cross-brand marketing purposes. Cross-brand marketing constitutes a distinct processing purpose and will not be bundled with or conditioned upon consent for transactional or service-related processing. You may opt out of cross-brand marketing communications at any time by contacting us at the details provided below or by using the unsubscribe option in any such communication. 

Relationship with Shopify The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link. 

Third Party Websites and Links The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services. 

Children's Data For the purposes of this Privacy Policy, a “child” means any individual under 18 years of age, in accordance with Section  + Rule 10 of the Digital Personal Data Protection Act, 2023 (DPDPA). The Services are not directed at children. We do not process the personal data of any child without first obtaining verifiable consent from the child’s parent or lawful guardian. Prior to processing, the consenting parent or guardian must be verified as an adult (18 years or above) using reliable identity documentation, including government-issued identification or a virtual token issued via a government-authorised Digital Locker service. Processing of a child’s personal data will not commence until such verification is complete. We do not track, profile, or direct targeted advertising at individuals under 18 years of age, in compliance with Section 9(1) DPDPA. If you are the parent or guardian of a child whose personal data has been processed in breach of these provisions, please contact our Grievance Officer at the details set out below to request erasure. We do not share or sell the personal data of individuals under 18 years of age. 

Compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) We are committed to complying with the Digital Personal Data Protection Act, 2023 (DPDPA) and any rules or regulations notified thereunder. In accordance with the DPDPA: 

  • We process your personal data only for lawful purposes and on the basis of your consent, or as otherwise permitted under applicable law. 

  • We will provide you with a clear and itemised notice, in plain language, describing the personal data being collected and the purpose for which it is being processed, prior to seeking your consent. 

  • You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. Upon withdrawal, we will cease processing your personal data unless processing is required or permitted under any other applicable law. 

  • You have the right to access a summary of your personal data being processed, the processing activities undertaken, and the identities of all Data Fiduciaries and Data Processors with whom your data has been shared. 

  • You have the right to correction, completion, updating, and erasure of your personal data, subject to applicable legal requirements and retention obligations. 

  • In the event of a personal data breach that is likely to affect you, we will notify the Data Protection Board of India and you, as required under applicable law. 

  • We have appointed a .Grievance Officer for the purposes of Section 8(7) of the DPDPA. [NAME AND DESIGNATION OF GRIEVANCE OFFICER TO BE INSERTED HERE]. The Grievance Officer can be reached at the contact details provided below. Data Principals may direct requests, complaints, and nomination registrations to the Grievance Officer. 

Security and Retention of Your Information Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. 

To protect your personal information, we implement a range of technical and organisational security measures, including but not limited to: encryption of data in transit using industry-standard protocols (such as TLS/SSL); access controls and role-based permissions to limit access to personal data to authorised personnel only; regular security assessments and vulnerability reviews of our systems and infrastructure; pseudonymisation and, where appropriate, anonymisation of personal data; secure data storage practices with restricted physical and logical access; and employee training on data protection and information security obligations. While we take these measures to safeguard your information, please be aware that no system is completely immune to risk, and we encourage you to take appropriate precautions when sharing information online. 

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies. 

Your Rights and Choices Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law. 

  • Right to Access / Know. You may have a right to request access to personal information that we hold about you. 

  • Right to Delete. You may have a right to request that we delete personal information we maintain about you. 

  • Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you. 

  • Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions. 

  • Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made. 

  • Right to Nominate. In accordance with Section 14 of the DPDPA, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nominee, please contact our Grievance Officer using the details set out below. The nominated individual may exercise rights of access, correction, erasure, and withdrawal of consent in accordance with our then-current terms of service. 

You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit https://privacy.shopify.com/en. 

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.within 90 days of receipt of a verifiable request, in accordance with Rule 12 of the Digital Personal Data Protection Rules, 2025. 

Complaints If you have complaints about how we process your personal information, please contact our Grievance Officer using the contact details provided below. If you are not satisfied with our response, you may appeal our decision by writing to our Grievance Officer, or lodge a complaint with the Data Protection Board of India (DPBI), the statutory authority established under Section 18 + s.27 of the Digital Personal Data Protection Act, 2023. Information on filing complaints with the DPBI is available at the Board’s official portal. If you are resident outside India, you may additionally have recourse to your local data protection authority. 

International Transfers Please note that we may transfer, store and process your personal information outside the country you live in. 

Transfer of personal data of Indian Data Principals outside India: In accordance with Section 16 of the Digital Personal Data Protection Act, 2023, the personal data of Data Principals located in India will be transferred to, processed in, or stored in countries outside India only where such transfer is to a country or territory notified by the Central Government of India as permissible under Section 16 DPDPA. We will update this policy promptly upon notification of the approved-countries list by the Central Government. Until such notification, cross-border transfers of Indian personal data will be subject to standard contractual protections and conducted only to the extent permitted under applicable transitional provisions. 

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms like the European Commission’s Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection. 

Changes to This Privacy Policy We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law. 

Contact Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at consumerfeedback@cavinkare.com or contact us at No.12, Poonthamalle Road, Ekkatuthangal, Chennai, TN, 600032, IN 

Drop us a line